Cyber Criminals Strike Just Hours Into New Year
For many people enjoying the festive period, yesterday was their first official workday of 2019. Despite the fact that many businesses have been closed in the opening week of the year, the first data breach has been noted.
In fact, whilst many people were enjoying the New Year festivities, cyber criminals were hard at work infiltrating the Australian Civil Service. The successful hack phished the necessary information from a civil service employee.
The UK may not have uttered the words ‘Happy New Year’ by the time Victoria’s Premier Department had been breached and 30,000 Australian Civil Servants’ details were stolen, but the attack highlights the determined efforts and sophistication of cyber fraud.
The attack means that cyber criminals now have access to phone numbers, names, job titles and work emails.
A Victoria Premier Department spokesperson said: “The Government will ensure any learnings from the investigation are put in place to better protect against breaches like this in the future.”
The data breach highlights the importance of continual and robust cyber security protocols. Despite the breach taking place during the holiday season, the Australian Civil Service were targeted and exposed to reputational damage.
Despite the difficulties in defending a firm from increasingly sophisticated and innovative phishing attempts, there are a number of approaches a firm can deploy to reduce the risk:
People are a weak link when it comes to cyber security. They open phishing emails, download infected files, choose weak passwords, fail to regularly change passwords and are tricked into revealing sensitive information.
Every member of the firm should be trained in understanding the threat and how to best repel attempted attacks.
Healthy IT practices such as choosing strong passwords, regularly changing them and not downloading unknown files should be implemented as a matter of course by everyone from board members down.
Regular training to alert all staff to new scams is essential and the message about cyber security should be driven home to the extent that everyone is aware of it at all times.
- Keep software updated
One of the mistakes the NHS made that left it vulnerable to attack was failing to patch and update software.
Software manufacturers are constantly making revisions to deal with new threats. Firms should have a robust system in place to ensure that updates are applied as soon as they are available. Old systems should be assessed to see if they are weak, as this is an area that hackers look to exploit.
- Password security
Finding weak passwords can be easy work for hackers. Staff members need to use strong, random passwords, preferably created by a password generator.
A password manager can be used to store the password in encrypted form. All the individual needs to remember is the single password for the manager.
Passwords should never be repeated or used for more than one application, and regular password changes should be routinely scheduled, especially when there are personnel changes.
- Two-factor authentication
Two-factor authentication, or 2FA, stops hackers who have a valid username and password from gaining access to a system or database. 2FA requires not just something you know, but something you have as well. Knowing the password alone is not enough; a code or other secondary authentication is needed, often sent to the user’s mobile phone.
Other secondary methods of authentication include tokens or biometric data.
- Data encryption
Encryption is one of the most important methods of protecting data. Data loss protection software uses an algorithm to put information into a coded form that is unreadable without the key or decryption code. It is essential for the protection of data sent across networks. Law firms should also routinely encrypt all stored data in this way.
With over 5.6 billion email accounts said to have been pwned or accessed by cyber criminals, the ability to ensure the cyber security of your firm has never been more important.